Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2014-09-03 CVE-2014-1553 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
opensuse mozilla CWE-119
critical
10.0
2014-09-02 CVE-2014-5340 Code Injection vulnerability in Check MK Project Check MK
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.
network
check-mk-project CWE-94
critical
9.3
2014-08-29 CVE-2014-2593 Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass Policy Manager 6.3.0.60730
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.
network
low complexity
arubanetworks CWE-264
critical
9.0
2014-08-28 CVE-2014-4619 Improper Authentication vulnerability in EMC RSA Identity Management and Governance
EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username.
network
emc CWE-287
critical
9.3
2014-08-26 CVE-2014-3524 Command Injection vulnerability in multiple products
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
network
apache libreoffice CWE-77
critical
9.3
2014-08-23 CVE-2014-2634 Remote Unauthorized Access vulnerability in HP Service Manager
Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors.
network
low complexity
hp
critical
9.4
2014-08-23 CVE-2014-2632 Remote Privilege Escalation vulnerability in HP Service Manager
Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors.
network
low complexity
hp
critical
10.0
2014-08-22 CVE-2014-5246 Permissions, Privileges, and Access Controls vulnerability in Tenda A5S and A5S Firmware
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
network
low complexity
tenda CWE-264
critical
10.0
2014-08-21 CVE-2014-5210 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
network
low complexity
alienvault CWE-94
critical
10.0
2014-08-21 CVE-2014-5158 Code Injection vulnerability in Alienvault Open Source Security Information Management
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allow remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
alienvault CWE-94
critical
10.0